I will create the final tar tomorrow evening (18:00 CET). But everybody please keep in mind to only commit bugfixes that don't break stuff.
Frank

On 18.05.2012, at 18:32, Michael Gapczynski <[email protected]> wrote:
> It seems that the redirect isn't working with or without sanitizing the
> redirect_url. I'm still trying to figure out what is going on with this.
>
> I know the tar-file is being generated today, but is there a specific time?
>
>
> Michael
>
> On Friday, May 18, 2012 03:42:24 PM Frank Karlitschek wrote:
>> Thanks :-)
>>
>> On 18.05.2012, at 15:41, Michiel de Jong <[email protected]> wrote:
>>> ok, i put it back.
>>>
>>> this still needs to be fixed properly though.
>>>
>>> On Fri, May 18, 2012 at 3:36 PM, Frank Karlitschek <[email protected]> wrote:
>>>> Attackers can do evil stuff if you don't filter header entries.
>>>> This code was introduced as part of a security fix a few weeks ago.
>>>>
>>>> On 18.05.2012, at 15:20, Michiel de Jong <[email protected]> wrote:
>>>>> how? it's a header() call.
>>>>>
>>>>> ah i just found MTGap on irc. thanks!
>>>>>
>>>>> On Fri, May 18, 2012 at 3:18 PM, Frank Karlitschek <[email protected]> wrote:
>>>>>> On 18.05.2012, at 15:16, Michiel de Jong <[email protected]> wrote:
>>>>>>> Hi!
>>>>>>>
>>>>>>> Since the new routing, if the user is made to log in, we were always
>>>>>>> sending her to the 'files' app, not to the page where she actually
>>>>>>> wanted to go. There was also htmlentities() in the redirect header
>>>>>>> which made no sense IMO.
>>>>>>>
>>>>>>> As this is quite important code, i was waiting for someone in
>>>>>>> owncloud-dev to look at it together, but in the end i just committed
>>>>>>> this:
>>>>>>>
>>>>>>> http://gitorious.org/owncloud/owncloud/commit/ea33b4aaa104252ff344e93a434e6c2eedcf438b/diffs/9b5e8a2c634e07d9c6e1693158e224eda7e5f673
>>>>>>
>>>>>> This introduces a XSS bug.
>>>>>> Please revert
>>>>>>
>>>>>>> So maybe Georg or someone else should check if this is what was
>>>>>>> intended. At least it was broken before, and this commit fixes it.
>>>>>>> Have a nice release! tomorrow, right?
>>>>>>>
>>>>>>>
>>>>>>> cheers,
>>>>>>> Michiel
>>>>>>> _______________________________________________
>>>>>>> Owncloud mailing list
>>>>>>> [email protected]
>>>>>>> https://mail.kde.org/mailman/listinfo/owncloud
